Cybersecurity

Salesforce Faces Extortion Threat After Salesloft OAuth Token Exploits
Cybersecurity
Salesforce Faces Extortion Threat After Salesloft OAuth Token Exploits
A hacking consortium claims Salesloft OAuth tokens were abused to extract CRM records from 700+ companies; Salesforce says claims relate to past or unverified incidents ...
Discord Discloses Support Ticket Breach After Unauthorized Access to Third-Party System
Cybersecurity
Discord Discloses Support Ticket Breach After Unauthorized Access to Third-Party System
Discord confirmed attackers accessed a third-party support system, stealing support tickets, IDs, IPs, messages and partial billing data; investigation and user notifications are ongoing.
VMware Virtual Machines Targeted in Zero-Day Exploitation by China-Linked Hackers
Cybersecurity
VMware Virtual Machines Targeted in Zero-Day Exploitation by China-Linked Hackers
Broadcom warns of zero-day flaws in VMware software exploited by China-linked hackers, allowing privilege escalation for months, raising concerns over virtualization security and global enterprise ...
Boeing Supplier Dimensional Control Systems Targeted in Ransomware Attack
Cybersecurity
Boeing Supplier Dimensional Control Systems Targeted in Ransomware Attack
J Group ransomware gang claims to have stolen 11GB of sensitive internal documents from Boeing supplier Dimensional Control Systems, raising cybersecurity concerns across global manufacturing ...
Lynx Claims Ransomware Intrusion at TriMed Subsidiary of Henry Schein
Cybersecurity
Lynx Claims Ransomware Intrusion at TriMed Subsidiary of Henry Schein
Lynx claims a ransomware intrusion at TriMed, posting alleged executive, legal, employee and proprietary files; Henry Schein is investigating with law enforcement and forensic partners.
Red Hat Confirms Breach of Consulting GitLab Instance After Claim of 570.2 GB Leak
Cybersecurity
Red Hat Confirms Breach of Consulting GitLab Instance After Claim of 570.2 GB Leak
Red Hat confirmed unauthorized access to a consulting GitLab instance; an extortion group claims to have exfiltrated 570.2 GB from 28,000 repositories, including ~800 CERs.
WestJet Data Breach Exposes Passports and IDs for 1.2 Million Customers
Cybersecurity
WestJet Data Breach Exposes Passports and IDs for 1.2 Million Customers
WestJet confirmed a June cyberattack exposed passports, IDs, and travel records of 1.2 million customers. The airline is notifying victims and offering two years of ...
Sendit Sued by FTC for Alleged Illegal Collection of Children’s Data
Cybersecurity
Sendit Sued by FTC for Alleged Illegal Collection of Children’s Data
The FTC referred a complaint alleging Sendit collected children’s personal data without parental consent and used deceptive subscription practices, prompting a DoJ referral and potential ...
China Tightens Cyber Rules, Forcing One-Hour Reporting for Major Incidents
Cybersecurity
China Tightens Cyber Rules, Forcing One-Hour Reporting for Major Incidents
China’s Cyberspace Administration will require operators to report major cyber incidents within 60 minutes, or 30 minutes for severe events, with penalties for concealment or ...
Klopatra Android RAT Masquerades as IPTV and VPN App, Drains Banking Devices across Europe
Cybersecurity
Klopatra Android RAT Masquerades as IPTV and VPN App, Drains Banking Devices across Europe
Klopatra, disguised as an IPTV/VPN app, uses Accessibility abuse and a black-screen VNC to capture credentials and remotely drain over 3,000 Android devices across Europe.